Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.11.2
    • Fix Version/s: None
    • Component/s: Compute
    • Labels:

      Description

      Adding a new compute driver for Google Compute Engine.

      1. 0001-Squashed-GCE-commits.patch
        350 kB
        Rick Wright
      2. gce_support.patch
        409 kB
        Rick Wright
      3. libcloud.patch
        56 kB
        Ziyad Mir

        Activity

        Hide
        kami Tomaz Muraus added a comment -

        First thanks for the patch again!

        I did have a look at it a while ago when you initially submitted it and there were some issues I have noticed:

        1. Classes aren't old style (they don't inherit from object)
        2. "raise Exception" is also deprecated, you should do raise Exception('message') or in most cases throw a more specific exception
        3. this patch actually doesn't work by itself because gcelib depends on oauth library which is not installed

        I'm not yet sure what's the best way to proceed with regards to #3. We don't want to add any more dependencies to Libcloud for the reasons already discussed in the past.

        I'm leaning towards not using gcelib again. I've checked the GCE API docs and there is nothing to insane in it so it wouldn't be that hard to implement it from scratch in Libcloud. Only part which would take a bit more time is authentication (oauth2).

        Show
        kami Tomaz Muraus added a comment - First thanks for the patch again! I did have a look at it a while ago when you initially submitted it and there were some issues I have noticed: 1. Classes aren't old style (they don't inherit from object) 2. "raise Exception" is also deprecated, you should do raise Exception('message') or in most cases throw a more specific exception 3. this patch actually doesn't work by itself because gcelib depends on oauth library which is not installed I'm not yet sure what's the best way to proceed with regards to #3. We don't want to add any more dependencies to Libcloud for the reasons already discussed in the past. I'm leaning towards not using gcelib again. I've checked the GCE API docs and there is nothing to insane in it so it wouldn't be that hard to implement it from scratch in Libcloud. Only part which would take a bit more time is authentication (oauth2).
        Hide
        wrigri Rick Wright added a comment -

        I'm picking up where Ziyad left off to get GCE supported in libcloud. Right now, I have a basic working version that removes all dependency on gcelib (which is deprecated anyway) and also does not depend on any additional third party libraries (with one exception, as noted below). I hope to have a patch available in the coming weeks.

        A note on authentication: There are two basic ways for authenticating to GCE using OAUTH2:

        The first is with a "service account". This gives you a private key file and you authenticate based on that key. The problem is that it requires signing the request using an SHA256withRSA (aka RSASSA-PKS1-V1_5-SIGN with the SHA-256 hash). There is no sane way to generate that signature using only Python built-in libraries, so using a service account would require the use of the PyCrypto library.

        The second authentication method is the "installed application" flow. This essentially gives you a URL to visit and log-in/authorize the application. After authenticating, the user is given a code that they would paste in at a prompt. From there, a temporary access token and a refresh token are generated. At that point, the refresh token would be stored locally and used to provide authentication for the application. This second method does not require any crypto functions, but does require a one-time interactive setup.

        The solution I'm working on will support both, but PyCrypto will not be required unless the user of the library wants to use the service account flow. (i.e. There won't be any import errors if a person doesn't have PyCrypto and authenticates with the installed application flow or uses other Providers).

        Anyway, I would appreciate any feedback you have at this point.

        Show
        wrigri Rick Wright added a comment - I'm picking up where Ziyad left off to get GCE supported in libcloud. Right now, I have a basic working version that removes all dependency on gcelib (which is deprecated anyway) and also does not depend on any additional third party libraries (with one exception, as noted below). I hope to have a patch available in the coming weeks. A note on authentication: There are two basic ways for authenticating to GCE using OAUTH2: The first is with a "service account". This gives you a private key file and you authenticate based on that key. The problem is that it requires signing the request using an SHA256withRSA (aka RSASSA-PKS1-V1_5-SIGN with the SHA-256 hash). There is no sane way to generate that signature using only Python built-in libraries, so using a service account would require the use of the PyCrypto library. The second authentication method is the "installed application" flow. This essentially gives you a URL to visit and log-in/authorize the application. After authenticating, the user is given a code that they would paste in at a prompt. From there, a temporary access token and a refresh token are generated. At that point, the refresh token would be stored locally and used to provide authentication for the application. This second method does not require any crypto functions, but does require a one-time interactive setup. The solution I'm working on will support both, but PyCrypto will not be required unless the user of the library wants to use the service account flow. (i.e. There won't be any import errors if a person doesn't have PyCrypto and authenticates with the installed application flow or uses other Providers). Anyway, I would appreciate any feedback you have at this point.
        Hide
        kami Tomaz Muraus added a comment -

        Rick Wright the workflow you have described (supporting both methods, only using first one if PyCrypto is available) and defaulting to OAuth 2 method sounds reasonable to me.

        Reference: https://developers.google.com/api-client-library/python/start/get_started#auth

        Show
        kami Tomaz Muraus added a comment - Rick Wright the workflow you have described (supporting both methods, only using first one if PyCrypto is available) and defaulting to OAuth 2 method sounds reasonable to me. Reference: https://developers.google.com/api-client-library/python/start/get_started#auth
        Hide
        wrigri Rick Wright added a comment -

        Adding patch based on https://github.com/apache/libcloud/pull/115

        Please let me know if you find any issues with the patch (it was created using 'git format-patch').

        Also, I forgot to indicate that the libcloud project should be notified when I sent my ICLA, but it has been filed and you can find my name here:
        http://people.apache.org/committer-index.html#unlistedclas
        (Near the end of the list as 'Rick Wright')

        Show
        wrigri Rick Wright added a comment - Adding patch based on https://github.com/apache/libcloud/pull/115 Please let me know if you find any issues with the patch (it was created using 'git format-patch'). Also, I forgot to indicate that the libcloud project should be notified when I sent my ICLA, but it has been filed and you can find my name here: http://people.apache.org/committer-index.html#unlistedclas (Near the end of the list as 'Rick Wright')
        Hide
        kami Tomaz Muraus added a comment -

        Sorry for not saying this earlier - can you please squash all of the commits into a single one (http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html) and upload an updated patch?

        As far as the ICLA goes - it looks good.

        Thanks!

        Show
        kami Tomaz Muraus added a comment - Sorry for not saying this earlier - can you please squash all of the commits into a single one ( http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html ) and upload an updated patch? As far as the ICLA goes - it looks good. Thanks!
        Hide
        wrigri Rick Wright added a comment -

        As requested, I have attached a patch with all of the git commits squashed into one. Let me know if you find any other problems with it.

        Show
        wrigri Rick Wright added a comment - As requested, I have attached a patch with all of the git commits squashed into one. Let me know if you find any other problems with it.
        Hide
        kami Tomaz Muraus added a comment -

        Awesome.

        Patch has been merged into trunk and 0.12.x. Thanks!

        Show
        kami Tomaz Muraus added a comment - Awesome. Patch has been merged into trunk and 0.12.x. Thanks!

          People

          • Assignee:
            kami Tomaz Muraus
            Reporter:
            ziyadm Ziyad Mir
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development